This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Season of Code 2009 - Applications"
From OWASP
Igor Kranjec (talk | contribs) |
Igor Kranjec (talk | contribs) |
||
| Line 17: | Line 17: | ||
| style="width:30%; background:#b3b3b3" align="center"|Applicant's Identification/Project Release Leader<br> | | style="width:30%; background:#b3b3b3" align="center"|Applicant's Identification/Project Release Leader<br> | ||
([[OWASP Season of Code 2009 - Applications - Proposal Type Applicant's Identification|''Please see specifications'']]) | ([[OWASP Season of Code 2009 - Applications - Proposal Type Applicant's Identification|''Please see specifications'']]) | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"|Igor Kranjec |
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|Application Designation/Name | | style="width:30%; background:#b3b3b3" align="center"|Application Designation/Name | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"|ASTRanger (Abstract Syntax Tree Ranger) |
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|First (proposed) Reviewer<br> | | style="width:30%; background:#b3b3b3" align="center"|First (proposed) Reviewer<br> | ||
([[OWASP Season of Code 2009 - Applications - Proposal Type Applicant's Identification|''Please see specifications'']]) | ([[OWASP Season of Code 2009 - Applications - Proposal Type Applicant's Identification|''Please see specifications'']]) | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"|Paulo Coimbra |
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|Application Security Issue Addressed | | style="width:30%; background:#b3b3b3" align="center"|Application Security Issue Addressed | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"| |
| + | '''Prelude''' | ||
| + | |||
| + | A commonly available tool for the Source Code static analysis (SCA, Static Code Analyzer) is a tool aimed to perform a parsing of the application source code in order to create a reference model on which to apply specific rules to identify problems and create a detailed report. | ||
| + | There are a number of complete and efficient SCA tools available on the market. | ||
| + | |||
| + | '''Problem to be addressed''' | ||
| + | |||
| + | Based on our experience an ideal SCA tool should have the following additional characteristics: | ||
| + | - multiplatform support; | ||
| + | |||
| + | - multi programming language support (with complete grammars, without “syntax holes”); | ||
| + | |||
| + | - ability to execute in stand alone mode or integrated with the most utilized development environment; | ||
| + | |||
| + | - Open Source distribution, with a strong community support; | ||
| + | |||
| + | - Security issues dedicated, with a clean separation between the analysis engine and vulnerability repository; | ||
| + | |||
| + | - Able to analyze large code bases with high performance. | ||
| + | |||
| + | '''Proposal''' | ||
| + | |||
| + | ASTRanger Project foresees the prototype development of a tool for the static analysis of source code that is going to address all of the above problems and will be able to assure that correct security rules (based on OWASP best practices) will be applied at the same time of the source code implementation. The tool will be embedded on the application developed, in such a way becoming a real Security Framework. | ||
| + | |||
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|Prioritized area<br>(''Please choose from'' [[OWASP Season of Code 2009#HOW TO PARTICIPATE (TO DEVELOPERS)|''here'']]) | | style="width:30%; background:#b3b3b3" align="center"|Prioritized area<br>(''Please choose from'' [[OWASP Season of Code 2009#HOW TO PARTICIPATE (TO DEVELOPERS)|''here'']]) | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"|Global Project Committee |
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|Project Release Roadmap | | style="width:30%; background:#b3b3b3" align="center"|Project Release Roadmap | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"| |
| − | + | '''Milestones''': | |
| − | + | ||
| − | + | June 30, 2009 - Project Begins | |
| − | + | ||
| + | July 10, 2009 – Requirements Analysis: Functional Requirements Document (FRD) | ||
| + | |||
| + | July 16, 2009 – Requirements Analysis: SAR (System Architectural Requirements) | ||
| + | |||
| + | July 20, 2009 – Identify vulnerabilities and exploitation methods. | ||
| + | |||
| + | July 24, 2009 - Defining rules set for selected vulnerabilities | ||
| + | |||
| + | July 28 2 2009 - Create thresholds for generating security alerts | ||
| + | |||
| + | Aug 3 2009 - Define parsing source code actions in response to security alerts | ||
| + | |||
| + | Aug 6 2009 - Development | ||
| + | Aug 18 2009 – Test and debugging | ||
| − | + | Aug 28, 2009 - Peer Review & Revisions | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | Aug 31, 2009 – Deliver of Prototype (Project Completion) | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| style="width:30%; background:#b3b3b3" align="center"|Other Questions | | style="width:30%; background:#b3b3b3" align="center"|Other Questions | ||
| − | | style="width:70%; background:#C2C2C2" align="left"| | + | | style="width:70%; background:#C2C2C2" align="left"| |} |
| − | |||
| − | |||
| − | |||
Revision as of 18:56, 15 June 2009
This page contains project Applications to the OWASP Season of Code 2009.
A few notes
- If you want to apply for a OWASP SoC 09 sponsorship you HAVE TO USE THIS PAGE for your application.
- See How To Participate for what to do once you completed your Application.
- Please remember that projects will be selected and funded based on how well they meet the Selection Criteria.
- Please see OWASP SoC 08, OWASP SpoC 07 for examples of Applications and OWASP AoC 06.
- You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include this information in your proposal.
Applications - {Fill in below}
Application 1
| Applicant's Identification/Project Release Leader |
Igor Kranjec |
| Application Designation/Name | ASTRanger (Abstract Syntax Tree Ranger) |
| First (proposed) Reviewer |
Paulo Coimbra |
| Application Security Issue Addressed |
Prelude A commonly available tool for the Source Code static analysis (SCA, Static Code Analyzer) is a tool aimed to perform a parsing of the application source code in order to create a reference model on which to apply specific rules to identify problems and create a detailed report. There are a number of complete and efficient SCA tools available on the market. Problem to be addressed Based on our experience an ideal SCA tool should have the following additional characteristics: - multiplatform support; - multi programming language support (with complete grammars, without “syntax holes”); - ability to execute in stand alone mode or integrated with the most utilized development environment; - Open Source distribution, with a strong community support; - Security issues dedicated, with a clean separation between the analysis engine and vulnerability repository; - Able to analyze large code bases with high performance. Proposal ASTRanger Project foresees the prototype development of a tool for the static analysis of source code that is going to address all of the above problems and will be able to assure that correct security rules (based on OWASP best practices) will be applied at the same time of the source code implementation. The tool will be embedded on the application developed, in such a way becoming a real Security Framework. |
| Prioritized area (Please choose from here) |
Global Project Committee |
| Project Release Roadmap |
Milestones: June 30, 2009 - Project Begins July 10, 2009 – Requirements Analysis: Functional Requirements Document (FRD) July 16, 2009 – Requirements Analysis: SAR (System Architectural Requirements) July 20, 2009 – Identify vulnerabilities and exploitation methods. July 24, 2009 - Defining rules set for selected vulnerabilities July 28 2 2009 - Create thresholds for generating security alerts Aug 3 2009 - Define parsing source code actions in response to security alerts Aug 6 2009 - Development Aug 18 2009 – Test and debugging Aug 28, 2009 - Peer Review & Revisions Aug 31, 2009 – Deliver of Prototype (Project Completion) |
| Other Questions | |} |
